package com.yin.ketech.config.security;

<<<<<<< HEAD
import com.yin.ketech.util.RedisTokenUtils;
import org.springframework.beans.factory.annotation.Autowired;
=======
>>>>>>> cda7e6faafb283ab24c45e9df787a16e2b53f86c
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.core.GrantedAuthorityDefaults;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.AuthenticationEntryPoint;
<<<<<<< HEAD
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
=======
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import org.springframework.web.cors.CorsUtils;
>>>>>>> cda7e6faafb283ab24c45e9df787a16e2b53f86c

/**
 * @ClassName SecurityConfig
 * @Author luzw
 * @Description
 * @Version V1.0
 * @Date 2020/6/2 16:48
 **/
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
@Order(-1)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * 定义认证规则
     * @param auth
     * @throws Exception
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(customUserService()).passwordEncoder(passwordEncoder());
    }

    /***
     * 去除角色前缀
     * @return
     */
    @Bean
    GrantedAuthorityDefaults grantedAuthorityDefaults() {
        // Remove the ROLE_ prefix
        return new GrantedAuthorityDefaults("");
    }

    /***
     * 权限认证
     * @return
     * @throws Exception
     */
    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    /**
     * 自定义授权规则
     * @param http
     * @throws Exception
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // 开启CORS，关闭CSRF跨域
        http.cors().and().csrf().disable()
                //异常处理
                .exceptionHandling()
                //未登录用户的权限错误
                .authenticationEntryPoint(authenticationEntryPoint())
                .and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
                .authorizeRequests()
                // swagger2
                .antMatchers( HttpMethod.POST,"/user/login").anonymous()
                .antMatchers( HttpMethod.POST,"/user/accessToken/refresh").anonymous()
                .antMatchers("/webSocket/**").anonymous()
                .antMatchers("/swagger-ui.html").anonymous()
                .antMatchers("/swagger-resources/**").anonymous()
                .antMatchers("/webjars/**").anonymous()
                .antMatchers("/*/api-docs").anonymous()
                .antMatchers(HttpMethod.OPTIONS, "/**").anonymous()
                //.requestMatchers(CorsUtils::isPreFlightRequest).permitAll()
                .antMatchers("/druid/**").permitAll()
                // 任何尚未匹配的URL只需要验证用户即可访问
                .anyRequest().authenticated()
                .and().headers().frameOptions().disable();
                //.and().formLogin().loginProcessingUrl("/login").successHandler(authenticationSuccessHandler())
                /*.and()
                /*.logout().logoutUrl("/logout").logoutSuccessHandler(logoutHandler());*/
        http.addFilterBefore(jwtAuthenticationTokenFilter(), UsernamePasswordAuthenticationFilter.class);
    }

    /**
     * 设置用户密码的加密方式
     * @return
     */
    @Bean
    public Md5PasswordEncoder passwordEncoder() {
        return new Md5PasswordEncoder();
    }

    @Bean
    public UserDetailsService customUserService() {
        return new CustomUserService();
    }

    @Bean
    public AuthenticationEntryPoint authenticationEntryPoint() {
        return new CustomAuthenticationEntryPoint();
    }

<<<<<<< HEAD

    @Autowired
    private RedisTokenUtils redisTokenUtils;

    @Bean
    public CustomerAuthenticationTokenFilter jwtAuthenticationTokenFilter() {
        return new CustomerAuthenticationTokenFilter(customUserService(),redisTokenUtils);
=======
    @Bean
    public CustomerJwtAuthenticationTokenFilter jwtAuthenticationTokenFilter() {
        return new CustomerJwtAuthenticationTokenFilter(customUserService());
>>>>>>> cda7e6faafb283ab24c45e9df787a16e2b53f86c
    }



}
